- December 10, 2019
- Posted by: Chad Gniffke
- Category: Network Security
Security is still a hot topic. Especially now that attackers are really focusing on smaller businesses which often leads to big payouts. Many small business owners are not that concerned about network security thinking that they are too small to be a target for attackers.
Unfortunately today, that is a very foolish approach to take. It is not that the attackers won’t hit the small guys, it’s that their technology is getting so advanced that they don’t need to target any particular business. They cast a wide net and prey on the ones who are weak or who will blindly leave the door open for them.
It’s as if a thief was driving through your neighborhood. Since they are driving they can see several houses in a very short period of time. The houses that have left their garage door open are the ones they will hit. It’s not that they know anything about that house, it’s just that the door is open.
There are a few ways that people leave the door open to malware. Being aware of the vulnerabilities can help you shut that door and protect your network.
Clicking or Visiting a Malicious Link
We’ve probably all fallen for a scam at some point in our lives. What’s that saying, “fool me once”. These days scammers are really good at crafting the perfect pitch. They almost have better marketing than some of the biggest tech brands around.
The pop-up might be terrifying! It tells you that your computer was infected! The email might be really convincing trying to tell you they are sending an email from your account! Whatever lies they are telling you clicking on a malicious link is one of the fastest ways to open the door to malware.
Sometimes you might even be visiting a site you’ve been to a million times. If that site gets infected, you could quickly become infected as well.
Make sure you think twice before clicking on any links. If that link starts to download something or asks you to install something, stop right there and re-think the action. If necessary call a managed service provider in Orange County like briteCITY. We can help you decipher if that download is safe. 9 times out of 10 it’s not.
Recently a lot of companies are becoming infected because they have an open port on their network. A port is used for programs to communicate to other programs on your network.
For example, there are specific ports that email travels back and forth on. There is a port for your internet browsing. Sometimes it is necessary to open those ports so those programs can communicate their data.
Typically you would open these ports on a hardware device like a firewall. These devices will make sure only the right traffic is coming from the right location and ending up to the right location. It’s almost like a traffic cop stopping cars and telling them where to go.
Malicious actors will scan hundreds and thousands of networks at a time for an open port they can pass their malware through. Make sure you are only opening ports from specific locations to help mitigate this risk.
The previous items are bad, but nothing has the potential to do the most damage as compromised credentials. This means that the username and password of someone on your network have been discovered. You may have closed and locked all the doors, but compromised credentials give the bad actors the key.
Phishing is the most popular way to discover someone’s username and password. They get an email that looks legit and click the link and login to the platform they think they got the email from. Instead, they just gave their username and password to a malicious attacker.
With these credentials, the attacker can access anything that the user has access to and can cause some serious damage. Being aware of phishing attacks is only half of the problem though.
If you are using the same username and password on several different sites, once one has been compromised they could try those credentials on other sites. For example, data breaches happen all the time from large software-as-a-service companies like MyFitnessPal, and more.
To find out if your common credentials are out there check out Have I Been Pwned. If you enter your email address it will let you know if your email and password have been leaked in any of the major data breaches. Using different passwords on all sites you log in to will help mitigate the damage from these massive data leaks.
As you can see, network security is something everyone needs to pay attention to and take seriously. Don’t consider yourself immune because you are small. Attackers don’t care what size your company is, they just want to get paid.